qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 04/13] usb-ohci: Use universal DMA helper functi

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 04/13] usb-ohci: Use universal DMA helper functions
Date: Thu, 21 Jun 2012 07:55:58 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1 
On 06/21/2012 02:33 AM, Michael S. Tsirkin wrote:

On Thu, Jun 21, 2012 at 08:02:06AM +1000, Benjamin Herrenschmidt wrote:

On Wed, 2012-06-20 at 16:40 -0500, Anthony Liguori wrote:


Well let's return void in the DMA methods and let the IOMMUs assert on error.
At least that will avoid surprises until someone decides they care enough about
errors to touch all callers.

I think silently failing a memcpy() can potentially lead to a vulnerability so
I'd rather avoid that.


No I'd rather keep the error returns, really, even if that means fixing
a few devices. I can look at making sure we don't pass random qemu data,
on error that's reasonably easy.

assert on error means guest code can assert qemu ... not a great idea
but maybe we can add a warning.


Why not?  Guest can always just halt if it wants to anyway.
On the other hand, warnings can fill up host logs so
represent a security problem.


As long as we scrub the buffers, returning an unhandled error seems okay to me.
I've long thought we should have some sort of generic way to throw an error and effectively pause a single device. I'm not sure how it would work in practice though. 

Regards,

Anthony Liguori
reply via email to
[Prev in Thread] Current Thread [Next in Thread]